Postfix: Handing off messages to Dovecot via LMTP

Executive Summary

Postfix, which is increasingly overtaking Sendmail as the MTA of choice on many Linux distributions, supports some popular message store formats such as MBox and Maildir. But what happens if your MDA uses a message store format not supported by Postfix?

We present a solution for configuring Postfix to hand off messages to an MDA (in this case Dovecot) via LMTP so they can be routed to a message store format suitable to the MDA.

Basic

Postfix provides a number of ways to verify recipients and configure storage for incoming messages. However, maintaining separate recipient database(s) for MTA and MDA can prove cumbersome. Additionally, maintaining separate message store configurations for both MTA and MDA may prove not only cumbersome but in some cases impossible (for example, if the MDA storage format is not supported by Postfix).

Here, we examine how to configure Postfix to hand off messages to an MDA (in this case Dovecot) via LMTP so they can be routed to a message store format suitable to the MDA.

This provides the benefits of using only one recipient database (MDA) and delegating the details of routing messages to the storage format preferred by the MDA to the MDA itself.

Configure LMTP in Dovecot

After activating the Dovecot lmtpd daemon, open up a TCP/IP socket for the LMTP service. This approach avoids potential problems with chroot environments, access permissions or user names (Heinlein pp. 110).

In the Dovecot 10-master.cf file:

service lmtp { unix_listener lmtp { #mode = 0666 } inet_listener lmtp { address 127.0.0.1 port = 24 } }

The above configuration will work if MTA and MDA reside on the same server. But if Dovecot will be routing messages for an MTA on one or more remote servers, exclude the localhost/127.0.0.1 address parameter (Heinlein pp. 121-123).

Configure relay domains in Postfix

The book by Peer Heinlein listed in the references below provides a detailed explanation (Heinlein pp. 111-123) on why to set up domains Postfix will accept mail for as relay domains as opposed to setting them up as virtual domains or defining them in the Postfix $mydestination variable. In the example here, we are accepting Heinlein's rationale since we are handing off message delivery to the MDA.

Heinlein also makes a case for combining the $relay_domains with $transport_map in main.cf. But $transport_map should never be assigned to the relay_domains variable as this would risks making Postfix an open relay (Heinlein pp. 114). So, the correct configuration is:

relay_domains = hash:/etc/postfix/relay_domains transport_map = hash:/etc/postfix/transport/transport, $relay_domains

Postfix address verification

Address verification is a feature in Postfix version 2.1 and later. Address verification is preferred over LDAP or SQL queries in cases where these services are not exposed on the public side of a firewall (Heinlein pp. 116). In most cases Postfix address verification is preferred for performance reasons.

References

  • Dent, Kyle D. Postfix: The Definitive Guide. O’Reilly Media Inc. 2004.

  • Heinlein, Peer. Dovecot - POP3/IMAP servers for enterprises and ISPs. Heinlein Support GmbH, 2016.